Windows 10 News and info | Forum
June 04, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Chrome, Edge, Safari hacked at elite Chinese hacking contest  (Read 89 times)
Hero Member
Online Online

Gender: Male
United States United States

Posts: 31456

I Do Windows

WWW Email
« on: November 17, 2019, 10:59:09 PM »

tianfu-cup-results - click to enlarge
China's top hackers have gathered this weekend in the city of Chengdu to compete in the Tianfu Cup, the country's top hacking competition.

Over the course of two days -- November 16 and 17 -- Chinese security researchers will test zero-days against some of the world's most popular applications.

The goal is to exploit and take over an app using never-before-seen vulnerabilities. If attacks succeed, researchers earn points towards an overall classification, cash prizes, but also the reputation that comes with winning a reputable hacking competition.

The Tianfu Cup's rules are identical to what we see at Pwn2Own, the world's largest hacking contest. The two events are more tied than most people know.

Prior to 2018, Chinese security researchers dominated Pwn2Own, with different teams winning the competition years in a row. Now, all that talent is going against one another.

In the spring of 2018, the Chinese government barred security researchers from participating in hacking contests organized abroad, such as Pwn2Own. The TianfuCup was set up a few months later, as a response to the ban, and as a way for local researchers to keep their skills sharp. The first edition was held in the fall of 2018 to great success, with researchers successfully hacking apps like Edge, Chrome, Safari, iOS, Xiaomi, Vivo, VirtualBox, and more.


The competition's first day was its busiest, with 32 hacking sessions scheduled on Saturday. Of these, 13 were successful, seven hacking sessions failed, and in 12 sessions security researchers abandoned exploitation attempts, for various reasons.

Of the successful sessions, Tianfu Cup organizers reported successful hacks of:

(3 successful exploits) Microsoft Edge (the old version based on the EdgeHTML engine, not the new Chromium version) tweet

(2) Chrome hacks tweet

(1) Safari tweet

(1) Office 365 tweet, tweet

(2) Adobe PDF Reader tweet

(3) D-Link DIR-878 router tweet

(1) qemu-kvm + Ubuntu tweet, tweet

After the first day, Team 360Vulcan, a former Pwn2Own winner, is in the lead.

In the past, many software vendors have begun to attend hacking competitions, where they send representatives to pick up vulnerability reports minutes after a hacking session ends -- with some vendors shipping patches within hours.

There were few vendors at Tianfu Cup; however, with many high-profile successful exploits being recorded in the competition's first two editions, many companies will most likely begin considering sending a representative next year. Google had members of the Chrome security team on site. A Microsoft spokesperson acknowledged our email, but could not reply before this article's publication.

A competition spokesperson told ZDNet today that organizers plan to report all bugs discovered today to all respective vendors at the competition's end.


Of the 16 sessions scheduled for the second day of the competition, only half went through as planned, with researchers giving up on eight. Of the successful half, seven hacking sessions succeeded, with only one failing to hit its mark. The seven successful exploits targeted:

(4) D-Link DIR-878 tweet]

(2) Adobe PDF Reader tweet

(1) VMWare Workstation tweet, tweet

Team 360Vulcan gave up on their attempt to exploit iOS in their highly awaited session, which was also scheduled last, to end the tournament.

Team 360Vulcan, however, won the competition regardless, earning $382,500 for their efforts of hacking Microsoft Edge, Microsoft Office 365, qemu+Ubuntu, Adobe PDF Reader, and VMWare Workstation.

A big role in winning the competition played the VMWare and qemu+Ubuntu exploits, which brought in $200,000 and $80,000, respectively.

tianfu-cup-team-results - click to enlarge


Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page May 17, 2020, 05:52:45 AM